[ previous ] [ next ] [ threads ]
 
 From:  "Daniel Foster" <dan at melbourne dot co dot uk>
 To:  "Ugo Bellavance" <ugob at camo dash route dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: Public webservers behind monowall
 Date:  Fri, 3 Jun 2005 14:07:29 +0100
Great, I'll give that a try.  I'm going to take my m0n0 test box to the datacentre next week so I'll
give it a try on some test subnets.  :)

Dan

 | -----Original Message-----
 | From: news [mailto:news at sea dot gmane dot org] On Behalf Of Ugo Bellavance
 | Sent: 03 June 2005 14:04
 | To: m0n0wall at lists dot m0n0 dot ch
 | Subject: [m0n0wall] Re: Public webservers behind monowall
 | 
 | Daniel Foster wrote:
 | > Hi,
 | >  
 | > I'm trying to setup m0n0wall to protect webservers in a 
 | colo facility.  We have a /24 subnet routed to us over a /30 
 | link.  My plan was to assign an ip on the /30 to the EXT 
 | interface, and then put the /24 on the OPT1 interface, (and 
 | not use the LAN interface apart from initial config and 
 | perhaps SNMP) and have m0n0wall do the routing.  We have it 
 | setup like this currently with Watchguard Fireboxes, but 
 | we're having various problems with them so i'd like to 
 | switch to m0n0 if possible.
 | >  
 | > Is the above possible without doing 1:1 NAT and having to 
 | give the webservers private IPs?
 | >  
 | > This setup is slightly different to the example in the 
 | documentation - 
 | > we don't want m0n0 doing proxy arp sat on the same subnet as the 
 | > webservers - it needs to have the whole of the /24 on the OPT1 
 | > interface
 | >  
 | > I've tried to do this in a test environment in our office 
 | but it doesnt seem to be working properly - it could be 
 | because im simulating it with private IPs.
 | >  
 | 
 | I think you only have to disable NAT, by activating advanced 
 | nat and not putting any NAT rules.  Then put firewall rules 
 | to allow traffic you want.
 | 
 | > Any help would be most appreciated.
 | >  
 | > Kind Regards,
 | > Dan Foster
 | > 
 | 
 | 
 | ---------------------------------------------------------------------
 | To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
 | For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
 | 
 | 
 | --
 | No virus found in this incoming message.
 | Checked by AVG Anti-Virus.
 | Version: 7.0.322 / Virus Database: 267.5.1 - Release Date: 02/06/2005
 |  
 | 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 267.5.1 - Release Date: 02/06/2005